Editorial: The enormous risks of the Equifax hack

Chronicle Editorial Board

September 8, 2017Updated: September 9, 2017 7:15am

Photo: Mike Stewart, Associated Press

This July 21, 2012, photo shows Equifax Inc., offices in Atlanta. Credit monitoring company Equifax says a breach exposed social security numbers and other data from about 143 million Americans. The Atlanta-based company said Thursday, Sept. 7, 2017, that "criminals" exploited a U.S. website application to access files between mid-May and July of this year. (AP Photo/Mike Stewart)

This July 21, 2012, photo shows Equifax Inc., offices in Atlanta....

Equifax, one of the three major consumer credit reporting agencies, has reported a massive data breach by hackers potentially affecting 143 million U.S. customers. The compromised information includes addresses, Social Security numbers, birth dates and, in some cases, driver’s license numbers and credit card information.

Security experts are encouraging every U.S. adult to assume that their private information has been compromised. The risks are potentially enormous. With such a trove of personal information, criminals can impersonate millions of consumers — generating new loans, debts, credit accounts and criminal records in their names.

When it comes to consumer security, this is as bad as it gets.

The entire U.S. adult American population is around 249 million people, so if you’re over the age of 18 there’s a better than 50 percent chance your information was taken.

The news gets worse.

Three senior executives, including the company’s chief financial officer, John Gamble, sold shares worth nearly $1.8 million in the days after the company discovered the breach in July.

Bloomberg has reported that the sale wasn’t planned in advance, which suggests the strong suspicion of insider trading.

Equifax can’t seem to learn from its mistakes, either. This is the third major breach of sensitive consumer information from Equifax in the past year.

The FBI and the Department of Homeland Security need to investigate the company, and they need to discover why it’s failed to implement appropriate cybersecurity measures to protect U.S. consumers.

Homeland Security must get involved because breaches of this scale and magnitude are a national security threat. In recent years, foreign hackers have been amassing detailed information about U.S. citizens in an effort to plan for future attacks against our country. This includes physical attacks against national infrastructure as well as blackmail against individual citizens.

As far as affected consumers, both Congress and the Consumer Financial Protection Bureau need to step in.

The bureau needs to ensure Equifax goes the extra mile to make its customers whole. It’s highly unlikely the company will do so of its own accord.

As for Congress, it’s time to demand that both companies and the government utilize better data protection policies.

These breaches threaten Americans’ economic security, and they threaten the country’s physical security. Cybersecurity can no longer be optional.

This commentary is from The Chronicle’s editorial board. We invite you to express your views in a letter to the editor. Please submit your letter via our online form: SFChronicle.com/letters.